CISA Flags TP-Link and WhatsApp Flaws in KEV Catalog Amid Ongoing Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added two newly discovered vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations about the growing risk of active exploitation. These flaws impact TP-Link TL-WA855RE Wi-Fi Range Extenders and the WhatsApp messaging platform, with both being used in real-world attacks.
TP-Link TL-WA855RE Vulnerability (CVE-2020-24363)
A high-severity vulnerability, tracked as CVE-2020-24363 with a CVSS score of 8.8, affects TP-Link’s TL-WA855RE Wi-Fi Range Extender. The flaw stems from missing authentication mechanisms, allowing an attacker on the same network to trigger a TDDP_RESET POST request. Doing so forces the device into a factory reset and reboot.
This reset grants the attacker the ability to configure a new administrative password, bypassing the device’s access control.
Researchers from malwrforensics confirmed that the issue was addressed in firmware update TL-WA855RE(EU)_V5_200731. However, because this product has already reached end-of-life (EoL) status, it is no longer supported with future security updates. CISA strongly recommends that users replace this model with newer, actively supported devices to ensure ongoing protection.
CISA has not disclosed which threat actors are exploiting this flaw or the scale of these attacks, but its inclusion in the KEV catalog confirms real-world malicious use.
WhatsApp Exploitation (CVE-2025-55177 and CVE-2025-43300)
CISA has also flagged a second case of active exploitation involving WhatsApp. The flaw, CVE-2025-55177 (CVSS score: 5.4), was revealed by WhatsApp last week. Attackers exploited it as part of a highly targeted spyware campaign, chaining it with another vulnerability affecting Apple iOS, iPadOS, and macOS systems (CVE-2025-43300, CVSS score: 8.8).
WhatsApp told The Hacker News that fewer than 200 users received in-app notifications warning them about possible targeting. While details about the threat actors remain unclear, evidence suggests the involvement of a commercial spyware vendor.
Required Mitigations
CISA has directed Federal Civilian Executive Branch (FCEB) agencies to implement all required mitigations for these flaws by September 23, 2025, in order to reduce the impact of active threats.
These advisories highlight the importance of timely patching, replacing unsupported hardware, and staying alert to targeted spyware operations that increasingly rely on chaining vulnerabilities across platforms.